Closed maidentaiwan closed 4 years ago
RFC 2636 § 5.1.1 defines the method as case-sensitive, so POST
and post
aren't the same method. If you want to parse this anyway, you can overwrite the %r
:
$parser = new LogParser();
$parser->addPattern('%r', '(?P<request>(?:(?:[A-Za-z]+) .+? HTTP/(1\.0|1\.1|2\.0))|-|)');
$parser->setFormat('%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"');
The trick is call setFormat
after addPattern
, otherwise it will still fail.
This real-life Apache log entry caused log-parser to crash on parse():
62.210.177.12 - - [05/Apr/2020:06:58:22 -0400] "post /wp-json/trx_addons/v2/get/sc_layout?sc=wp_insert_user&role=administrator&user_login=ndvtzaifnz&user_pass=6Wlh6SA0RT HTTP/1.1" 301 800 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
When
post
is changed toPOST
, log-parser works fine.(I'm guessing that this log entry was produced by a WordPress hacking attempt.)